fix impossibility remove file with two dots

modxcms · Feb 9, 2019 · 6fc582c · 6fc582c
1 parent af48a7c
commit 6fc582c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/core/model/modx/processors/browser/file/create.class.php b/core/model/modx/processors/browser/file/create.class.php
@@ -33,7 +33,7 @@ public function process() {
         $directory = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($directory))),'/');
 
         $name = $this->getProperty('name');
-        $name = ltrim(strip_tags(preg_replace('/[\.]{2,}/', '', htmlspecialchars($name))),'/');
+        $name = ltrim(strip_tags(htmlspecialchars($name)),'/');
 
         $loaded = $this->getSource();
         if (!($this->source instanceof modMediaSource)) {

diff --git a/core/model/modx/processors/browser/file/remove.class.php b/core/model/modx/processors/browser/file/remove.class.php
@@ -33,7 +33,9 @@ public function process() {
         if (empty($file)) {
             return $this->modx->error->failure($this->modx->lexicon('file_err_ns'));
         }
-        $file = preg_replace('/[\.]{2,}/', '', $file);
+        $directory = preg_replace('/[\.]{2,}/', '', htmlspecialchars(pathinfo($file, PATHINFO_DIRNAME)));
+        $name = htmlspecialchars(pathinfo($file, PATHINFO_BASENAME));
+        $path = $directory.$name;
 
         $loaded = $this->getSource();
         if (!($this->source instanceof modMediaSource)) {